We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


Accessing Remote desktop through Nat network

Medium Priority
Last Modified: 2013-11-21
I have situation where i have 2 isolated network
let me explain more about the 2 networks first.
- both network have their own Internet provider
- each network configured to block any incoming traffic but allow any outgoing traffic to the Internet.
- one of the network allow only out going traffic through proxy.
- both network uses NAT.

i have 2 systems one in each network (both windows xp)  and have Remote desktop running on it
since i can't change the configuration of the network on the Internet gateway i can't setup port forwarding for it

what i want is to be able to access the machine  in the other network using remote desktop ?
Watch Question

you will need to configure the NAT entries on each network to allow port 3389 through and map the port to the ip address of the server/pc inside each network. Also, you will need to enable the 'Allow users to connect remotely to this computer' check box in the 'Remote' tab of System properties on each PC that you want to access via Remote Desktop.

Hope this helps


That is the problem i can't change the configuration or enable any ports/ or even setup a prot forward on  the firewall/gateway ..

i was thinking of adding a third machine on the net that both machine connect to but i don't know how. or what software can help
I'm not sure in your current configuration if you could do this without access to the gateway or NAT entries. If you added a third machine, it would have to have an O/S that has NAT server capability such as Windows 2000/2003 Server and then you could configure your NAT entries there, although you would then still need to change the gateway addresses on both networks to point to this new server and it seems like a fairly expensive route to go to be honest.

you could try using some other free remote access programs and see if they can get through the firewall/gateway such as VNC (www.realvnc.com) or RAdmin (www.radmin.com) although if the firewall is setup any way correctly, then I can't see it allowing these through either.
Sam PanwarSr. Server Administrator

IF you want to remote access to other network then you must have

1. A user and password of the network user which have the permission of remote desktop or terminal service on both networks.
2. You have a gateway server or you make any computer to a gateway pc which route your IP address means you can use the remote and routing service on both gateway. Which is NAT your request?
3. If you are using the proxy server then you can have the allow terminal service port 3389 enabled .
4. IF you have firewall then also check the port and ip range

I think your problem resolved


Still i know this
let me clear it more.
I have no access to any of the Gateway / proxy configuration .. that's why i can't set any ports on the gateway or the proxy.
the idea i got is to have the 2 systems report to a third system on the net  ( since only outgoing traffic is allowed ) .
the third machine will act as a switch between them and transfer the the data coming from both to each other.

Is there away to do this by any application or port forwarding application for windows xp !?
Distinguished Expert 2019

If both machines are going to connect to that machine out on the net using RDP, your only change is to set up that machine on the net to use a different port than 3389... maybe something like 8080 since it's a web port. Other than that though, you're pretty much screwed since you have no control over the network. (Not really sure of your intention, so I'm not really going to list that piece in here)

But it sounds like chances are the network operators are blocking access to that port when it's going outside of the network. That's something you obviously won't be able to change. However, if they're blocking RDP traffic, period, then you can't use remote desktop.
Top Expert 2013
If you cannot re-configure the hardware, an alternative may be to use a relatively new, free, 3rd party, VPN server/client, called Hamachi.  Hamachi requires no configuration of ports on a firewall or other devices such as remote desktop, VNC, RAdmin do. It makes 2 out going connections from both systems to a 3rd party server, which coordinates the handshaking, and then sends them on their merry way. Because the initial requests are outgoing connections, no firewall modifications are required to configure incoming connections. If you have added specific outgoing firewall or proxy blocking rules this may not be possible. Once Hamachi has established the VPN connection, all ports within the VPN are open as if you were on the local network. Therefore you can then use remote desktop, file sharing, or other services you require. You may want to have a look. It is very simple to set up:
If you wish to run it as a service there is a paid version or you can do so with a couple of little Microsoft apps and changes:
see batch file near end:

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


Thanks Robwill
i was thinking about VPN connection to the server on the net
hamachi is really a good sloution for it

THanks again
Top Expert 2013

Thanks WaielEid.  
Hamachi should work well so long as someone has not intentionally added out going filters to block it. No default rule should cause a problem. Using the Windows Server VPN won't likely work either, as it requires port forwarding, so you are quite limited.

Good luck,
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.